7 matches found
CVE-2026-25115
n8n is an open source workflow automation platform. Prior to version 2.4.8, a vulnerability in the Python Code node allows authenticated users to break out of the Python sandbox environment and execute code outside the intended security boundary. This issue has been patched in version 2.4.8...
CVE-2021-24924
The Email Log WordPress plugin before 2.4.8 does not escape the d parameter before outputting it back in an attribute in the Log page, leading to a Reflected Cross-Site Scripting issue...
PYSEC-2022-293
Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.4.8...
BigBlueButton Cross-Site Scripting Vulnerability
BigBlueButton is an open source Web conferencing system from the BigBlueButton community. A cross-site scripting vulnerability exists in versions prior to BigBlueButton 2.4.8 and prior to 2.5.0, which stems from users in private chat-enabled meetings being vulnerable to malicious JavaScript attack...
AZL-8604 CVE-2022-25236 affecting package expat for versions less than 2.4.8-1
xmlparse.c in Expat aka libexpat before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs...
AZL-7835 CVE-2022-23852 affecting package expat for versions less than 2.4.8-1
Expat aka libexpat before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES...
PT-2019-4673 · Puma +9 · Puma +10
Name of the Vulnerable Software and Affected Versions: Ruby versions prior to 2.4.8; Ruby versions 2.5.x through 2.5.6; Ruby versions 2.6.x through 2.6.4; Puma versions prior to 3.12.3; Puma versions prior to 4.3.2. Description: The issue is related to incorrect handling of special elements in the...